USB Drive Block using Intune

Connecting personal USB drives to work computers is risky: confidential company data can be copied off, malware can be introduced, and so on. It's important to stop the use of these flash drives on work devices. In this article, I'll describe how to block USB drives using Intune by configuring an Attack surface reduction policy.

Attack Surface Reduction Policy

  • Go to the Intune portal
  • Click on Endpoint security and go to the section Attack surface reduction.
  • Click on Create Policy

  • First select Platform: Windows 10, Windows 11, and Windows Server
  • Select Profile: Device Control
  • Now click on Create

  • Enter a name and description, then go to Next.
  • In the Configuration settings, under the Storage section, mark “Disable” for Removable Disk Deny Write Access.

  • Choose the scope tag or leave it to Default
  • Select assignment to all devices or selected groups of devices
  • Now your profile is ready, review and save.

Allow some time to sync this configuration to all assigned devices.

Monitoring Deployment Progress

To monitor deployment:

  • Go to Endpoint security and select Attack Surface Reduction
  • Click on the created profile
  • The device assignment status section will give the status of Success, Failure, Conflict, Not Applicable, and In Progress.
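To confirm the result on a device itself rather than only in the portal, the following PowerShell check is an added example and not part of the original article. It assumes the profile is delivered through the Policy CSP setting Storage/RemovableDiskDenyWriteAccess; the function names and the probe file name are hypothetical.

```powershell
# Added example (not from the original article). Run on the managed Windows device.
# Assumption: the profile is delivered through the Policy CSP setting
# Storage/RemovableDiskDenyWriteAccess, which the MDM client records under this key.
$MdmPath  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Storage'
$MdmValue = 'RemovableDiskDenyWriteAccess'

function Get-RemovableDiskWritePolicy {
    # Returns the raw value and a readable state for the write-deny setting.
    $raw  = $null
    $item = Get-ItemProperty -Path $MdmPath -Name $MdmValue -ErrorAction SilentlyContinue
    if ($null -ne $item) { $raw = $item.$MdmValue }

    if ($null -eq $raw) { $state = 'NotReceived' }    # policy has not synced yet
    elseif ($raw -eq 1) { $state = 'WriteDenied' }    # CSP value 1: write access denied
    else                { $state = 'WriteAllowed' }   # CSP value 0: write access allowed

    [pscustomobject]@{ RawValue = $raw; State = $state }
}

function Test-RemovableDiskWrite {
    # Creates and deletes a small probe file on each mounted removable disk
    # (Win32_LogicalDisk DriveType 2) and reports whether the write succeeded.
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($disk in $disks) {
        $name  = 'intune-probe-{0}.tmp' -f [guid]::NewGuid()
        $probe = Join-Path -Path ($disk.DeviceID + '\') -ChildPath $name
        try {
            New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
            Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
            $result = 'Writable'
        } catch {
            # Includes the OS error text, e.g. an access-denied message
            $result = 'Blocked: ' + $_.Exception.Message
        }
        [pscustomobject]@{ Drive = $disk.DeviceID; Result = $result }
    }
}

Get-RemovableDiskWritePolicy | Format-List
Test-RemovableDiskWrite | Format-Table -AutoSize
```

A state of NotReceived usually means the device has not synced yet; an empty drive table means no removable disk is mounted.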

What the end user will see

Once the policy has been successfully implemented on the targeted device, users will encounter an “Access is denied” message when they access a USB drive.

Check out more about Intune. I also have a specific section for Windows troubleshooting that I hope you will like to explore.

Always check the Microsoft Learn website for new study programmes.
